Re: Freebsd 10.1 - Ezjail - OpenVPN - Tun Interface

Fri, 23 Oct 2015 10:42:19 -0700 

On 2015-10-23 11:37, James Lodge wrote:
> Hello all,
> 
> 
> I'm trying to build a jail on FreeBSD 10.1 using ezjail in order to run 
> OpenVPN. I'm not using vimage and don't particularly want to but I'm having 
> an issue with networking.
> 
> 
> OpenVPN daemon is up and running and I can connect successfully as a client. 
> I receive an IP address as expected, but I cannot route traffic to/from 
> client/server. The routing table on the client (which is a Windows machine) 
> looks fine so I assume the issue is on the server side. I have a tun 
> interface created on the host and exposed to the jail via devfs rules. The IP 
> address on the tun interface is configure on the host and not from the jail. 
> I can ping the tun interface IP from the host and the jail, but not from the 
> client when connected.
> 
> 
> Client---------public IP --------- lo1 (Jail alias Interface)------tun0 
> (OpenVPN Interface)
> 
> 10.8.06          x.x.x.x                   172.16.1.8                         
>      10.8.0.1
> 
> 
> 
> OpenVPN Jail Routing Table:
> 
> Internet:
> Destination        Gateway            Flags      Netif Expire
> 172.16.1.8         link#4             UH          lo1
> 
> Jail Host Routing Table:
> Internet:
> Destination        Gateway            Flags      Netif Expire
> default            x.x.0.1         UGS      vtnet0
> 10.8.0.0           10.8.0.2           UGS        tun0
> 10.8.0.1              link#5             UHS         lo0
> 10.8.0.2              link#5             UH         tun0
> x.x.0.0/18          link#1             U        vtnet0
> x.x.x.x                 link#1             UHS         lo0
> localhost            link#3             UH          lo0
> 172.16.1.1         link#4             UH          lo1
> 172.16.1.2         link#4             UH          lo1
> 172.16.1.3         link#4             UH          lo1
> 172.16.1.4         link#4             UH          lo1
> 172.16.1.5         link#4             UH          lo1
> 172.16.1.6         link#4             UH          lo1
> 172.16.1.7         link#4             UH          lo1
> 172.16.1.8         link#4             UH          lo1
> 
> Client Routing Table:
> 
> IPv4 Route Table
> ===========================================================================
> Active Routes:
> Network Destination        Netmask          Gateway       Interface  Metric
>           0.0.0.0          0.0.0.0         10.8.0.5         10.8.0.6     20
>          10.8.0.1  255.255.255.255         10.8.0.5         10.8.0.6     20
>          10.8.0.4  255.255.255.252         On-link          10.8.0.6    276
>          10.8.0.6  255.255.255.255         On-link          10.8.0.6    276
>          10.8.0.7  255.255.255.255         On-link          10.8.0.6    276
> 
> 
> 
> I'm a little stumped as to how to trouble shoot the issue so any help much 
> appreciated.
> 
> 
> James
> 
> 
> 
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
> 

Try running 'tcpdump -i tun0 -n' on the host, while pining from the
windows machine, and see if the packets are arriving.

-- 
Allan Jude

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to